Optivity Policy Services

for the Enterprise 


Features and Benefits 

• End-to-end network QoS provisioning 

• Optimized performance of
business-critical applications

• Common Open Policy Service (COPS) 
protocol support 

• Efficient bandwidth management 

• Multi-vendor, multi-directory 
capabilities 


You understand your business priorities, 
but your network doesn’t. Multimedia, 
Web, electronic commerce, and 
Enterprise Resource Planning (ERP) 
traffic all compete for the same resources, 
regardless of each application’s relative 
importance to your business. As telephony 
and data networks begin to converge, 
network resources are becoming even 
more valuable and need to be managed 
efficiently to deliver maximum 
performance. As part of its Unified 
Management strategy, Nortel Networks 
provides a proactive management tool 
that uses policies to prioritize
business-critical traffic: Optivity* Policy Services
for the Enterprise. 


Optivity Policy Services is a prime example 
of how Nortel Networks’ Unified 
Management delivers efficient, effective, 
system-level management solutions. 
Rather than applying policies on a 
per-device basis, Optivity Policy Services 
takes a system-level approach to policy 
configuration and deployment, and allows 
a network manager to address the needs 
of telephony, video, and data applications 
as an integrated system. 

Unified Management

Nortel Networks creates greater value 
for customers worldwide through the 
integration of telephony, video, and 
data networking. With its Unified 
Management strategy, Nortel Networks 
is using its experience as the leader in 
campus, WAN, and telephony management 
to bring the following core values to the 
enterprise network manager: 

• Managing campus, WAN, and telephony
networks as an integrated system.

• Delivering pragmatic, directory-based
policy management.

• Application optimization. 

• Operational simplicity. 

The need for policy 
management 

The dramatic increase in network traffic 
has made the capability to prioritize 
e-commerce and other business-critical 
applications, such as Internet telephony, 
a business requirement. Network 
administrators must be able to centrally 
provision network resources through the 
establishment of network policies. These 
policies can then be translated into specific 
device settings for classifying, policing, 
and shaping traffic, as well as scheduling 
restrictions on bandwidth utilization. 

Optivity Policy Services offers an effective 
solution to application prioritization 
and bandwidth management. The 
solution gives customers the advantage 
of centralized policy control to configure 
QoS, enables the assignment of 
differentiated service levels to
business-critical applications, automates QoS
configuration and provisioning, and 
makes more efficient use of available 
bandwidth. 


Policy-enabled networking 

In a policy-enabled network, the allocation 
of network resources to applications, 
users, and groups is based on a set of 
defined rules. This approach provides the 
network manager with tight control over 
traffic prioritization based on the business 
importance of applications. 

Policies are created to bind these business
priorities to the allocation of available
resources, instructing the network on how
it should behave in specific situations.

These policies are defined based on criteria 
such as a user’s access rights, security 
levels, and job requirements. Policies can 
also be based on application requirements, 
such as latency. All policies are defined 
within a Lightweight Directory Access 
Protocol (LDAPv3) directory server. 

Optivity Policy Services is associated 
with a number of enabling technologies, 
including QoS, Differentiated Services 
(DiffServ), and the Common Open 
Policy Service (COPS) protocol. 

• QoS refers to the performance levels 
extended to IP traffic as it moves 
through the network — performance 
levels that are determined by Optivity 
Policy Services. QoS is characterized 
and quantified by such metrics as 
availability, response time, and 
packet loss. 

• DiffServ is a QoS architecture that sets 
the DiffServ (DS) codepoint in the IP 
header, marking the traffic at the edge 
of the network. The DS codepoint is 
used to determine appropriate per-hop 
behavior. Since it focuses on per-hop 
behavior, it does not require the 
complexity associated with maintaining 
per-flow soft state at each node. 

• COPS is a client/server protocol used 
for communicating policy information 
between a policy server and its clients, 
such as routers or switches. 


Optivity Policy Services 
architecture 

Optivity Policy Services can provide 
traffic prioritization in data and telephony 
networks. The product’s architecture 
builds upon a three-tier architecture that 
provides redundancy and fault tolerance. 
This architecture also allows
policy-enabled networking to be achieved in

For the 1.1.1 release of Optivity Policy 
Services, DNS and DHCP services are 
managed separately by Optivity NetID 
4.2. Handling DNS and DHCP 
management and policy management 
with separate applications not only 
simplifies the architecture of Optivity 
Policy Services, it makes software 
upgrades easier and simplifies licensing. 

It also facilitates the identification and 
resolution of technical issues. 

Optivity Policy Services is a software 
solution that consists of the following 
components: Policy Management 
Console, Application Server, Server 
Manager, Policy Server, Policy Directory, 
and runtime database. 

Policy Management Console: The Policy 
Management Console provides a complete 
platform for managing policy information 
and Policy Servers. The Java interface 
gives network administrators access to the 
Policy Directory from any Web browser. 

Application Server: The Application 
Server supplies Java applets for the Policy 
Management Console. It communicates 
with the Policy Management Console 
over HTTP and with the Policy Directory 
via LDAP. 

Server Manager: The Server Manager is
the interface between the Policy Servers 
and the Policy Directory. Along with 
providing the servers with their initial 
configuration, the Server Manager delivers 
incremental configuration changes to 
Policy Servers across the network. 

Policy Server: The Policy Server receives
configuration data from the Server
Manager and distributes it to the network
devices via COPS or command line
interface (CLI). Policy Servers can be
distributed throughout the network
for enhanced scalability.

Policy Directory: The Policy Directory 
is an LDAPv3 directory server that stores 
policy information within a Directory 
Enabled Networking (DEN) compliant 
schema. 

Runtime database: The Oracle runtime 
database stores user and group information, 
as well as other operational logs and 
information. 


Figure 1: Optivity Policy Services 
Architecture. 



Features and Benefits 

Prioritizing business-critical 
traffic 

In a standard network, when the network 
traffic passing through an edge device 
exceeds its bandwidth capacity, the data 
packets are placed in queues until they 
can be sent. Depending on the extent 
of the congestion, data packets could be 
dropped or delayed, regardless of their 
importance. In an Optivity Policy
Services-enabled network, when the traffic
reaches the edge device, information such
as source and destination IP addresses and
port numbers is read from each packet.
Each packet is then marked with a 
DiffServ codepoint to associate it with a 
specific service level. These service levels 
determine the priority of the queues; for 
example, all traffic with a service level of 
gold is mapped to a higher-priority queue 
than traffic with a service level of bronze. 
Therefore, when bandwidth becomes 
available, the gold traffic, which is more 
important to your business, is sent before 
the bronze traffic. 

The classification process performed 
by a policy-enabled edge device does 
not reduce the overall throughput of data 
in comparison to standard edge devices. 
However, classifying packets does 
significantly enhance the throughput 
of business critical data, since it is given 
preferential treatment. 


[Figure labels: Oracle runtime database; LDAPv3 directory servers; Application Servers]


End-to-end QoS 
network provisioning 

Optivity Policy Services implements 
QoS end-to-end across Nortel Networks 
devices such as Passport* 8600 Routing 
Switches, BayRS routers, and Passport 
6400 Multiservice Switches. Many 
infrastructure vendors support policy-based
management, but only on their
WAN edge routers. The Nortel Networks 
Optivity Policy Services solution supports 
policy-based management on edge routers 
as well as Layer 3 switches, allowing 
QoS provisioning to be established at 
every level, from the access edge to the 
server farm. 

Optimized performance of 
business-critical applications 

Low-priority application traffic can
frequently compromise the performance
of business-critical and latency-sensitive 
traffic. Instead of settling for a best-effort 
level of service for all traffic, Optivity 
Policy Services provides network managers 
with the ability to assign appropriate 
service levels for business-critical 
applications. For example, customers can 
use Optivity Policy Services to prioritize 
business-critical traffic, such as SAP, over 
traffic that has less significance to their 
business, such as routine Web traffic. 

Centralized QoS configuration 
and management 

Configuration of QoS priorities across the 
network on a per-device basis is unwieldy 
and time-consuming. Policy management 
provides the most effective, efficient way 
to manage QoS in an enterprise network, 
and Optivity Policy Services provides a 
framework that simplifies the management 
and configuration of QoS features. 

Policies are defined from an intuitive
management interface, classifying traffic 
by the DS codepoint in the IP packet 
header, and then downloaded to devices 
via centralized Policy Servers. 

Efficient bandwidth 
utilization in the WAN 

Adding bandwidth resources in the WAN 
is an expensive proposition that requires 
continual capacity planning as network 
usage increases. It also cannot guarantee 
the performance of business-critical 
applications. Although over-provisioning 
bandwidth does relieve congestion, spikes 
in the amount of traffic flowing over a 
network can still tie up bandwidth and 
interrupt business-critical applications’ 
transmissions. Optivity Policy Services 
addresses the problem of limited 
bandwidth in a more cost-effective 
manner by ensuring that traffic from 
business-critical applications is given 
greater access to WAN resources. 

Classifying traffic before it is sent to
the WAN is also important for WANs
that use COPS-compliant devices. These
COPS-compliant WAN devices will
honor the markings applied to your
network traffic by your edge devices so
that your traffic will be given a consistent
level of service end-to-end.

Multi-vendor, multi-directory

Recognizing that most enterprise networks
are made up of a mixture of hardware 
and software from various manufacturers, 
Optivity Policy Services provisions 
policies to network elements via standard 
protocols, delivering support for 
multi-vendor environments. Policies 
are provisioned by COPS or by CLI (for
non-standard or legacy devices), enabling
Optivity Policy Services to support both
Nortel Networks and Cisco devices.
Optivity Policy Services will support
BayRS 13.20, Passport 3.0, Passport 6400
V7.0, and Cisco IOS 11.3 devices.

Figure 2: Application Differentiation in the Enterprise Environment.

Optivity Policy Services supports both 
the Novell eDirectory and the Netscape 
Directory Server. Also, to make the
most efficient use of customers’ on-hand
hardware, Optivity Policy Services can be
installed on either Solaris 2.6 or Windows
NT 4 machines. All servers can communicate
with each other according to the
defined architecture, regardless of the 
operating system used by the machine a 
server is hosted on. 

Extensible architecture 

Optivity Policy Services leverages a
three-tiered, extensible architecture to deliver
a scalable policy management solution
for enterprise environments. A Server
Manager functions as the intermediary
between the Policy Server and the
directory. Multiple Policy
Servers can also be deployed to reduce
traffic and introduce an additional level 
of fault tolerance. 


Optivity Policy Services’ open, standards-based
architecture enables the solution
to support IP telephony applications and 
IP-enabled PBX phone systems. 

Scheduling 

During peak network use, network 
managers need to make sure that 
application traffic that is not business-critical,
such as file transfers or routine
Web traffic, doesn’t consume excessive 
amounts of bandwidth. For example, 
during the normal business hours of 9 a.m. 
to 3 p.m., bandwidth is at a premium for 
enterprises. Optivity Policy Services 
enables network managers to upgrade 
or downgrade service levels based not only 
on the time of day, but also by day of the 
week, or week of the month/quarter. 

By creating a policy to provide a best-effort 
level of service for generic traffic during 
peak demand times, bandwidth availability 
can be ensured for business-critical traffic. 
When resources are less constrained, 
service levels for non-critical applications 
can be upgraded. 

Java-based management

The Policy Management Console can 
be launched from Java-enabled Web 
browsers, enabling multiple administrators 
to access the centralized Policy Directory 
and update policy information anywhere, 
any time. The Policy Management Console 
provides an intuitive and familiar platform 
for policy management. The browser 
interface organizes information 
hierarchically and provides administrators 
with a graphical overview of the policy 
structure. 

Differentiated Services 
technology 

The Optivity Policy Services solution uses 
DiffServ technology to prioritize network 
traffic. Service levels are associated with a 
DiffServ codepoint (formerly referred to 
as the Type of Service or ToS byte). 
DiffServ is a QoS architecture that sets 
the DiffServ codepoint in the IP header. 
This marks the traffic at the edge of the 


network, and it is used to determine the 
appropriate per-hop behavior given to 
the traffic by the network devices. 

Application differentiation 

Optivity Policy Services enables network 
administrators to identify traffic flows 
and mark these flows for priority. 

Network devices identify the application 
based on information within a traffic flow. 
Differentiation can be based on the 
following information: 

• Source or destination IP address. 

• Source or destination IP port. 

• IP protocol. 

• URL destinations and mime types. 

• Arbitrary user-defined deep-packet 
values. 

The application can then be logically
“classified” based on these identifiers.
When the network device detects traffic
meeting the classification criteria, it
will “mark” the DiffServ codepoint to
prescribe downstream per-hop behavior.
Based on the DiffServ codepoint, end-to-end
treatment of traffic is standardized
without further deep-packet inspection.


The application is then logically defined 
based on these identifiers. When the 
network device detects traffic meeting 
the specified parameters, it examines 
the packets, reads the DiffServ setting, 
and forwards the application traffic based 
on its service level. 
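
The classify-and-mark flow described above, together with the scheduling and user-based policies mentioned elsewhere on this page, as an added Python sketch; it is not Nortel code. The codepoint values for gold, silver and bronze, the addresses, the ports, and the choice to overwrite any DS value the sender set before the edge are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional

# Assumed mapping: the page names gold/silver/bronze but gives no codepoints.
# 46 = EF, 26 = AF31, 0 = default (best effort).
DSCP = {"gold": 46, "silver": 26, "bronze": 0}
QUEUE = {46: 0, 26: 1, 0: 2}          # lower number = served first
OFF_PEAK = frozenset(range(0, 9)) | frozenset(range(15, 24))  # outside 9 a.m. to 3 p.m.

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    ds: int = 0                        # DS byte as received (host-supplied, untrusted)

@dataclass
class Rule:
    level: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    hours: Optional[FrozenSet[int]] = None   # scheduling window, None = always

    def matches(self, p: Packet, hour: int) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and (self.hours is None or hour in self.hours))

# Constructed policy: addresses and ports are sample values.
POLICY = [
    Rule("gold", dst="10.0.5.10/32", proto="tcp", dport=3200),   # ERP server
    Rule("gold", src="10.0.1.7/32"),                             # system administrator
    Rule("silver", src="10.0.1.8/32"),                           # product manager
    Rule("silver", proto="tcp", dport=80, hours=OFF_PEAK),       # Web upgraded off-peak
]

def mark_at_edge(p: Packet, hour: int, policy=POLICY) -> str:
    """First matching rule wins; anything unmatched is reset to bronze,
    so a DS value pre-set by the sender never survives the edge."""
    level = next((r.level for r in policy if r.matches(p, hour)), "bronze")
    p.ds = (DSCP[level] << 2) | (p.ds & 0x03)   # DSCP = top 6 bits; keep the 2 ECN bits
    return level

def core_send_order(packets):
    """Core device: reads only the DS byte, no deep-packet inspection."""
    return sorted(packets, key=lambda p: QUEUE.get(p.ds >> 2, 2))
```

Because downstream devices act on the DS byte alone, the edge is the trust boundary: a sender that sets its own codepoint gets whatever level the policy assigns, not the one it asked for.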

HTML and user-based policies 

In addition to creating differentiated 
levels of service by applications, Optivity 
Policy Services enables administrators to 
prioritize Web-based applications based 
on specified URLs. This allows
business-critical Web-based applications that
require a high level of service, such as
electronic commerce, to be differentiated
from and prioritized over Web-based
applications that only require best-effort 
levels of service. 

In addition, since not every user on a 
network requires the same level of access
to network resources, Optivity Policy 
Services can assign policies to users based 
on their static IP addresses. For example, 
a system administrator could be given 
a gold level of service and a product 
manager a silver level of service. 


Hardware and Software Requirements 

Table 1: Hardware and software requirements for Optivity Policy Services 1.1.

Product                    Disk Space                  Memory**                    Platform                          Hardware
Policy Management Console  As required by Web browser  As required by Web browser  Netscape, Internet Explorer       As required by Web browser
Server Manager             25 MB                       64 MB                       Windows NT 4.0; Solaris 2.5, 2.6  Pentium 300; Sun UltraSPARC
Application Server         25 MB                       64 MB                       Windows NT 4.0; Solaris 2.5, 2.6  Pentium 300; Sun UltraSPARC
Policy Server              25 MB                       64 MB                       Windows NT 4.0; Solaris 2.5, 2.6  Pentium 300; Sun UltraSPARC
Netscape Directory Server  200 MB                      64 MB                       Windows NT 4.0                    Pentium 300
Novell eDirectory          500 MB                      64 MB                       Solaris 2.5, 2.6; Linux           Sun UltraSPARC
Oracle Server              500 MB                      128 MB                      As supported by database vendor   As supported by database vendor

**Note — Memory sizing is not cumulative.


Ordering Information 

Table 2: Optivity Policy Services Ordering Information. 


Order Number Description 


AH3313039-1.1.1 Optivity Policy Services 1.1.1: manages up to 100 policy interfaces on Windows NT or Solaris. Includes runtime 
database for NT, Oracle 8 Workgroup Server licensed for 5 users, as well as Netscape Directory Server for NT. 
Oracle runtime database for Solaris must be ordered separately. IP Address functionality now managed separately. 


Acronym Glossary 

CLI       Command Line Interface

COPS      Common Open Policy Service

DEN       Directory Enabled Networking

DiffServ  Differentiated Services (RFC 2474/2475)

DS        DiffServ

LDAP      Lightweight Directory Access Protocol

PBX       Private Branch Exchange

QoS       Quality of Service

URL       Uniform Resource Locator

WAN       Wide Area Network